Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "how to integrate Shiro in SpringBoot". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Native integration

Create a project

To create a Spring Boot project, simply add a Web dependency:

After the project is created successfully, add the dependencies related to Shiro. The dependencies in the complete pom.xml file are as follows:

Org.springframework.boot spring-boot-starter-web org.apache.shiro shiro-web 1.4.0 org.apache.shiro shiro-spring 1.4.0

Create Realm

Next, let's customize the core component Realm:

Public class MyRealm extends AuthorizingRealm {@ Override protected AuthorizationInfo doGetAuthorizationInfo (PrincipalCollection principals) {return null;} @ Override protected AuthenticationInfo doGetAuthenticationInfo (AuthenticationToken token) throws AuthenticationException {String username = (String) token.getPrincipal (); if (! "javaboy" .equals (username)) {throw new UnknownAccountException ("account does not exist!");} return new SimpleAuthenticationInfo (username, "123", getName ());}}

Simple authentication operation can be implemented in Realm without authorization. Authorization is written in the same way as Shiro in SSM. The authentication here means that the user name must be javaboy and the user password must be 123. if such conditions are met, the login can be successful!

Configure Shiro

Next, configure Shiro:

@ Configurationpublic class ShiroConfig {@ Bean MyRealm myRealm () {return new MyRealm ();} @ Bean SecurityManager securityManager () {DefaultWebSecurityManager manager = new DefaultWebSecurityManager (); manager.setRealm (myRealm ()); return manager;} @ Bean ShiroFilterFactoryBean shiroFilterFactoryBean () {ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean (); bean.setSecurityManager (securityManager ()); bean.setLoginUrl ("/ login"); bean.setSuccessUrl ("/ index"); bean.setUnauthorizedUrl ("/ unauthorizedurl") Map map = new LinkedHashMap (); map.put ("/ doLogin", "anon"); map.put ("/ *", "authc"); bean.setFilterChainDefinitionMap (map); return bean;}}

The main configuration of Shiro here is to configure 3 Bean:

First, you need to provide an instance of Realm.

You need to configure a SecurityManager and configure Realm in SecurityManager.

Configure a ShiroFilterFactoryBean, specify path interception rules in ShiroFilterFactoryBean, and so on.

Configure login and test interfaces.

Among them, the configuration of ShiroFilterFactoryBean is slightly more, and the meaning of configuration is as follows:

SetSecurityManager represents the specified SecurityManager.

SetLoginUrl indicates the specified login page.

SetSuccessUrl indicates the specified login success page.

Path interception rules are configured in the next Map, so be careful to be orderly.

After all these things are configured, then configure login Controller:

@ RestControllerpublic class LoginController {@ PostMapping ("/ doLogin") public void doLogin (String username, String password) {Subject subject = SecurityUtils.getSubject (); try {subject.login (new UsernamePasswordToken (username, password)); System.out.println ("login succeeded!");} catch (AuthenticationException e) {e.printStackTrace (); System.out.println ("login failed!") } @ GetMapping ("/ hello") public String hello () {return "hello";} @ GetMapping ("/ login") public String login () {return "please login!";}}

During the test, you first visit the / hello interface. Since you are not logged in, you will automatically jump to the / login interface:

Then call the / doLogin API to complete the login:

Visit the / hello interface again and you can access it successfully:

Use Shiro Starter

The above configuration is actually equivalent to taking the XML configuration in SSM to Spring Boot and rewriting it with Java code. In addition to this way, we can also use the official Starter provided by Shiro directly.

Create the project, as above

After the creation is successful, add shiro-spring-boot-web-starter. This dependency can replace the previous two dependencies, shiro-web and shiro-spring. The pom.xml file is as follows:

Org.springframework.boot spring-boot-starter-web org.apache.shiro shiro-spring-boot-web-starter 1.4.0

Create Realm

The Realm here is the same as the previous one, so I won't repeat it.

Configure Shiro basic information

Next, configure the basic information of Shiro in application.properties:

Shiro.sessionManager.sessionIdCookieEnabled=trueshiro.sessionManager.sessionIdUrlRewritingEnabled=trueshiro.unauthorizedUrl=/unauthorizedurlshiro.web.enabled=trueshiro.successUrl=/indexshiro.loginUrl=/login

Configuration explanation:

The first line indicates whether to allow sessionId to be placed in the cookie

The second line indicates whether sessionId is allowed to be placed in the Url address block.

The third line represents the default jump path when accessing an unauthorized page

The fourth line indicates that shiro is enabled.

The fifth line represents the jump page that successfully logged in

The sixth line represents the login page

Configure ShiroConfig

@ Configurationpublic class ShiroConfig {@ Bean MyRealm myRealm () {return new MyRealm ();} @ Bean DefaultWebSecurityManager securityManager () {DefaultWebSecurityManager manager = new DefaultWebSecurityManager (); manager.setRealm (myRealm ()); return manager;} @ Bean ShiroFilterChainDefinition shiroFilterChainDefinition () {DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition (); definition.addPathDefinition ("/ doLogin", "anon"); definition.addPathDefinition ("/ *", "authc"); return definition This is the end of the introduction of "how to integrate Shiro in SpringBoot". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.